Update - So I didn’t read your entire post when I responded, but I am assuming if you’re not using the dgraph graphql which is part of dgraph cloud, you’re going to have to create your own graphql endpoints, which gets complicated to use with Apollo Federation. Basically, you start from scratch with just dql, someone who knows this subject better than me can respond here…
You could create an @auth directive for each node like this:
type User @auth(
add: { rule: "{$DENIED: { eq: \"DENIED\" } }"},
update: { rule: "{$DENIED: { eq: \"DENIED\" } }"}
delete: { rule: "{$DENIED: { eq: \"DENIED\" } }"}
) {
but that could get redundant with a bunch of nodes.
The other way of course is to go to Schema → Access → Edit Permissions and uncheck all writes. I believe that covers everything but queries.
J